Credit to Author: Kaspersky Team | Date: Wed, 24 Nov 2021 11:48:41 +0000
Telehealth promises many benefits: remote 24-hour monitoring of the patient’s vital signs; the ability to get expert opinions even in the most remote regions; and considerable savings of time and resources into the bargain. In theory, the modern level of technology makes all this possible right now. In practice, however, telehealth still faces certain difficulties.
Our colleagues, assisted by Arlington Research, interviewed representatives of large medical companies around the globe about the application of telehealth practices. The questions probed their views on the development of this field and, above all, the difficulties that doctors face when providing medical services remotely. Here is what they found.
Patient data leaks
According to 30% of those surveyed, patient data at their clinics had been compromised as a result of telehealth sessions. In today’s climate of strictly regulated PII protection, leaks can cause serious problems for medical institutions in terms of both reputational damage and fines from regulators.
How to fix it? Before adopting a new IT-based process, it makes sense to carry out an external audit to identify and remediate security and privacy flaws.
Lack of data protection understanding
42% of respondents admitted that medical employees taking part in telehealth sessions do not have a clear understanding of the data protection processes practiced in their clinic. This is undoubtedly bad. The doctor (a) might make a mistake that leads to a leak and (b) will be unable to answer (increasingly common) questions from the patient.
How to fix it? First, the medical institution needs to produce a document that clearly spells out how data is stored and processed, and send it to all employees. Second, doctors should be more aware of modern cyberthreats. This will minimize the chance of error.
54% of respondents said their institutions provide telehealth services using software not designed for this purpose. Again, this can cause leaks simply due to the technical limitations of the software platforms used or unpatched vulnerabilities contained inside them.
How to fix it? Wherever possible, use software designed specifically for medical purposes. Conduct a security audit of all applications used to provide remote services.
Diagnostic errors due to technical limitations
34% of organizations had experienced cases of misdiagnosis due to poor photo or video quality. This issue is partly a consequence of the previous one: video-conferencing software often automatically reduces image quality to ensure a seamless session. But problems can also arise due to congested servers or communication channels.
How to fix it? Unfortunately, not everything here depends on the medical company — the root of the problem may lie in low-quality client-side equipment. All the same, the company should do all it can to minimize potential complications by providing backup capacity (if on-prem servers are used for teleconferencing) and a spare communication channel.
Legacy operating systems
73% of telehealth companies use equipment based on legacy operating systems. In some cases, this is for compatibility requirements, but it can also be due to upgrade costs or the simple lack of qualified IT staff. A vulnerable legacy system in the network can potentially serve as an entry point for attackers and be used both to steal patient data and to sabotage telehealth processes.
How to fix it? It goes without saying that operating systems should be updated whenever possible. However, this is not always feasible, for example, when using outdated medical equipment. In this case, we recommend isolating vulnerable systems in a separate, offline network segment and fitting them with specialized security solutions operating in Default Deny mode.
More details about the Telehealth Take-up: Risks and Opportunities report are available here.